Online romantics targeted by dating site phishing attack

Filed Under: Featured, Phishing, Spam

Cursor on heart. Image courtesy of ShutterstockMore and more people are looking for love online.

As a consequence, millions of people have created accounts on online dating websites, which they have filled with personal information and (typically) poorly lit webcam photographs of themselves.

One of the leading dating websites is Match.com, which means that many people might have been tempted to click on the link in this spammed-out email:

Match.com phishing email

Subject: Match.com account verification

Message body:
Our Valued Customer,
You Have 1 New Security Message Alert !
Click here to resolve the problem
Thank you for helping us to protect you.

Yours Sincerely,
Match Online

Fortunately, the bogus website that potential victims are taken to is hardly the most convincing replica of the real Match.com website:

Match.com phishing website

Of course, if you do mistakenly enter your login credentials onto the phishing website, you may not only be handing over control of your dating account to unknown cybercriminals.

They could see if you're one of the many people who use the same password on multiple websites, and explore whether your Match.com password might also unlock - say - your email account.

The bad guys could also line you up for a more convincing targeted attack, using your personal information to lure you into believing you are receiving a legitimate communication from Match.com, perhaps tempting you into clicking a link by showing you possible dates. That link could lead to malware, identity theft or further compromise of your online accounts.

The cybercriminals are not just interested in breaking into your bank accounts. Any information which they can mine from you for monetary purposes, or opportunity to infect your computer, is an attractive goal.

If you're engaged in online dating you're advised to take steps to protect yourself, and are wise to look before you leap. The same should be true if you want to avoid being phished. Always be wary of unsolicited email messages, and think before you click.

Hat tip: Thanks to Naked Security reader Kevin for bringing this phishing campaign to our attention.

Mouse cursor on heart image courtesy of Shutterstock.

, , ,

You might like

One Response to Online romantics targeted by dating site phishing attack

  1. Robert Wurzburg · 866 days ago

    Thanks for the info on this particular attack and exploit.

    Truth is, any website you use, whether dating, email, social networking, shopping,
    and forums as some examples can be used for this type of exploit and other kinds.

    NEVER open emails from unknown senders, or click on links in emails. These kind
    of emails end up in your SPAM or BULK folder for a very good reason. They are on an
    email service's filter list of websites and senders (email addresses, names) which
    are known to be phishing or malicious 99.5% of the time based on experience and
    information. Help your SPAM filters by reporting these types of emails as SPAM and
    that will help protect other users by raising the red flag redirecting them to everyone's
    SPAM folder.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.